SSO documents from last year
Guy Rixon
gtr at ast.cam.ac.uk
Thu May 5 11:28:59 PDT 2005
Hi,

there are two documents concerning single sign-on on the GWS wiki page.
They're stuff I wrote last year.

"Single-Sign-On Authentication for the IVO: introduction and description of
principles" v0.1 seems still to be relevant to me. I would like to issue a
v0.2 of this note with minor updates to be discussed at Kyoto. If that issue
pleases the group, then I'd like to release the Note at v1.0 immediately after
Kyoto.

"IVOA single-sign-on profile: message protocol" v0.1 I now consider obsolete;
we should not implement this protocol. Most of the complexity of the protocol
is there to guard against message-modification and replay attacks. In the
short term, I don't think these are enough of a threat to warrant the
complexity. In the longer term (2007 and later) I expect that there will be
computer-industry standards that we should follow instead of doing our own
protocol. Carlo Nicola, who is working at Cambridge on IVO security, has
suggested a simpler use of digital signatures and I'll post that for
discussion at Kyoto.

There was going to be a third paper about the use of communities as trust
anchors. That didn't get written in 2004. The "v0.0" draft of this paper is
the trust-model discussion we had on this list last month. I'll try and draw
that discussion together into an IVOA draft next week.

Finally, I now feel in a position to write a strawman document describing a
possible security architecture that we can start to implement: something for
you all to rip to pieces :) . I'll try and get v0.1 of that out next week,
too. For a preview, you could have a look at

http://wiki.astrogrid.org/bin/view/Astrogrid/SecurityArchitectureFor2005

and

http://wiki.astrogrid.org/bin/view/Astrogrid/IdentityDelegation

Cheers,
Guy

Guy Rixon gtr at ast.cam.ac.uk
Institute of Astronomy Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523